Abstract: A method for controlling access to process data includes encrypting process data of a process; receiving a request to access the process data; requesting a security code to access the encrypted process data; receiving the security code; authenticating the received security code; and granting access to the encrypted process data if the received security code is successfully authenticated and denying access to the encrypted process data if the received security code is not successfully authenticated.

Abstract: In an embodiment, systems and methods for detecting malware are provided. A server trains a static malware model and a dynamic malware model to detect malware in files. The models are distributed to a plurality of user devices for use by antimalware software executing on the user devices. When a user device receives a file, the static malware model is used to determine whether the file contains malware. If the static malware model is unable to make the determination, when the file is later executed, the dynamic malware model is used to determine whether the file contains malware. The file along with the determination made by the dynamic malware model are then provided to the server. The server then retrains the static malware model using the received files and the received determinations. The server then distributes the updated static malware model to each of the devices.

Abstract: In an embodiment, systems and methods for detecting malware are provided. A server trains a static malware model and a dynamic malware model to detect malware in files. The models are distributed to a plurality of user devices for use by antimalware software executing on the user devices. When a user device receives a file, the static malware model is used to determine whether the file contains malware. If the static malware model is unable to make the determination, when the file is later executed, the dynamic malware model is used to determine whether the file contains malware. The file along with the determination made by the dynamic malware model are then provided to the server. The server then retrains the static malware model using the received files and the received determinations. The server then distributes the updated static malware model to each of the devices.

Abstract: In an embodiment, systems and methods for detecting malware are provided. A server trains a static malware model and a dynamic malware model to detect malware in files. The models are distributed to a plurality of user devices for use by antimalware software executing on the user devices. When a user device receives a file, the static malware model is used to determine whether the file contains malware. If the static malware model is unable to make the determination, when the file is later executed, the dynamic malware model is used to determine whether the file contains malware. The file along with the determination made by the dynamic malware model are then provided to the server. The server then retrains the static malware model using the received files and the received determinations. The server then distributes the updated static malware model to each of the devices.

Abstract: In an embodiment, systems and methods for detecting malware are provided. A server trains a static malware model and a dynamic malware model to detect malware in files. The models are distributed to a plurality of user devices for use by antimalware software executing on the user devices. When a user device receives a file, the static malware model is used to determine whether the file contains malware. If the static malware model is unable to make the determination, when the file is later executed, the dynamic malware model is used to determine whether the file contains malware. The file along with the determination made by the dynamic malware model are then provided to the server. The server then retrains the static malware model using the received files and the received determinations. The server then distributes the updated static malware model to each of the devices.

Abstract: A method including configuring, by an infrastructure device, a user device to receive harmful patterns indicating characteristics of harmful traits included in affected data known to include malicious content and clean patterns indicating characteristics of clean traits included in clean data known to be free of the malicious content; configuring the user device to receive a first portion of given data; configuring the user device to determine a pattern associated with traits included in the first portion of the given data; configuring the user device to determine whether the first portion of the given data includes the malicious content based on comparing the determined pattern with the harmful patterns and the clean patterns; and configuring the user device to selectively receive a second portion of the given data based determining whether the first portion of the given data includes the malicious content is disclosed. Various other aspects are contemplated.

Abstract: A method including receiving, by a user device, harmful patterns indicating characteristics of harmful traits included in affected data known to include malicious content and clean patterns indicating characteristics of clean traits included in clean data known to be free of the malicious content; determining, by the user device, a pattern associated with traits included in given data; and determining, by the user device, whether the given data includes the malicious content based at least in part on comparing the determined pattern with the harmful patterns and the clean patterns. Various other aspects are contemplated.

Abstract: An exemplary system and method are disclosed for detecting malware via an antimalware application employing adversarial machine learning such as generative adversarial machine learning and the training and/or configuring of such systems. The exemplary system and method are configured with two or more generative adversarial networks (GANs), including (i) a first generative adversarial network (GAN) that can be configured using a library of malware code or non-malware code and (ii) a second generative adversarial network (GAN) that operates in conjunction with the first generative adversarial network (GAN) in which the second generative adversarial network is configured using a library of non-malware code.

Abstract: A method including determining, by an infrastructure device, harmful patterns indicating characteristics of harmful traits included in affected data known to include harmful content, and clean patterns indicating characteristics of clean traits included in clean data known to be free of the harmful content; training, by the infrastructure device, a machine learning model to indicate presence of the harmful content based at least in part on utilizing the harmful patterns and the clean patterns; transmitting, by the infrastructure device to a user device, the harmful patterns, the clean patterns, and the machine learning model; and determining, by the user device, whether given data includes the harmful content based at least in part on utilizing the harmful patterns, the clean patterns, and the machine learning model. Various other aspects are contemplated.

Abstract: A method including transmitting, by a network device to a security device, an initial security instruction set including a plurality of initial security instructions associated with operation of the security device; transmitting, by the network device to the security device, an event signal associated with the security device carrying out the network-facing operation; receiving, by the network device from the security device based on transmitting the event signal, a security instruction associated with the security device carrying out the network-facing operation, the security instruction being from among the plurality of initial security instructions; translating, by the network device, the security instruction into a host instruction to be executed by the network device; and transmitting, by the network device to the security device based on executing the translated host instruction, communication information to enable the security device to carry out the network-facing operation is disclosed.

Abstract: Systems and methods for data augmentation used in training an anti-malware (AM) machine learning model are provided herein. In some embodiments, a method for data augmentation may include receiving a first plurality of binary files each having a first binary structure, wherein the first plurality of binary files include one or more known malicious and benign files; modifying the binary structure of each of the first plurality of binary files to produce a second plurality of binary files each having a second binary structure that is different from the first binary structure; using the first and second plurality of binary files to train an AM machine learning model as to which files are malicious and which files are benign; and using the trained AM machine learning model to identify new malicious files.

Abstract: A method including analyzing affected data known to include harmful content to identify harmful traits that are included in the affected data with a frequency that satisfies a threshold frequency; analyzing clean data known to be free of harmful content to identify clean traits that are included in the clean data with a frequency that satisfies the threshold frequency; determining harmful patterns indicating characteristics of the harmful traits included in affected data based at least in part on comparing the affected data with the harmful traits and the clean traits; determining clean patterns indicating characteristics of the clean traits included in clean data based at least in part on comparing the clean data with the harmful traits and the clean traits; and determining whether given data includes the harmful content based at least in part on utilizing the harmful patterns and the clean patterns. Various other aspects are contemplated.

Abstract: A method and apparatus for providing IP address filtering. The method identifies one or more suspicious Uniform Resource Locators (URLs) and resolves the one or more suspicious URLs to one or more suspicious IP addresses. A suspicious IP address list is created containing the one or more suspicious IP addresses. The suspicious IP address list may be used to facilitate a security response to filter one or more of the IP addresses in the suspicious IP address list.

Abstract: Systems and methods for using a kernel module to provide computer security are provided herein. In some embodiments, a method for providing computer security may include launching a kernel module at the kernel-level of a computing device, redirecting, using the kernel module, communications traffic away from a browser executing on the computing device, decoding, using the kernel module, the received traffic to create decoded traffic, analyzing the decoded traffic, using the kernel module, for content having particular characteristics and create analyzed traffic, encoding, using the kernel module, at least a portion of the analyzed traffic to create encrypted traffic, and directing the encrypted traffic to the browser.